FAQ - README

Most of the content on this blog will be automatically published by some scripts I run at a set interval. These scripts analyse the output from a very low bandwidth Open DNS resolver that I run.

This open resolver is frequently 'abused' by cybercriminals to perform DNS amplification attacks.

You might wonder why I do this as I appear to be attacking random hosts on the internet.

Well first of all, it is very interesting to see what hosts get attacked.
Secondly observing the incomming spoofed traffic from the real attacker(s) reveals some information about the attack that the receiver cannot see.

Disclamer:

I AM NOT THE ATTACKER.I AM NOT A CROOK.I AM NOT A CYBERCRIMINAL.I'm a good guy reporting evil!

Traffic originated from my resolver is very small and will be less than a drop compared to the traffic that is going your way as a result of the millions of open resolvers** on the net. Though if an attack lasts for too long and surpasses a certain threshold, I will automatically stop participating. This does not impact the stats shown on the blog.